<!-- pageSelection.php
      Looks at the URI and fetches the apropriate
       page to be displayed in the index.php; This page helped me
        set up this little bit of code
         http://www.webcheatsheet.com/PHP/get_current_page_url.php -->

<!--Takes in: Input from menu
    Returns: Main Body Content of page-->

<!--Function Begins-->
<?php

function getPermission($page,$section)
{
	$allowedGroups = "";
	$deniedGroups = "";
	//check to see the permissions of the page the group and the user
	if (isset($_SESSION["Username"]))
	{
		$user = $_SESSION["Username"];
		$groups = $_SESSION["group"];
	}
	$file = fopen("permissions.txt","r") or exit("Shit happens!");
	
							//tests for end-of-file the file pointer
					while (!feof($file))
					{
								  //Reads one line from $file (passwords.txt) and sets it to the variable $line
						$line = fgets($file);
	
	        //compares the entered username's group ($username, which came from $_REQUEST['Username'])
	        //to the strings returned by the string tokenizer which splits the strings
		//according to the character "|"
	
						if ( $page == strtok($line,"|").".php" )
						{
							$allowedGroups = strtok("|");
							$deniedGroups = trim(strtok("|")); // it took THREE PHOQUING HOURS to find this bug. 
															//strtok("|") returns "Users " instead of "Users".
															//Yeah, try to find a whitespace at 1h30 in the morning...
							break;
						}
					}
	//Close
	fclose($file);
		
	if($deniedGroups == null || $deniedGroups == "") { return true; } //if the page has no restricted acces
	
	if($groups == null || $groups == "") { return false;}  //if page is restricted and user is not logged in, deny access
	
	//if only one group is denied access, checks if the user belongs to one of those groups.	
	if(!strpos($deniedGroups, ".")){ if(substr_count($groups, $deniedGroups) > 0) return false; }
	
	$deniedArray = explode(",",$deniedGroups); //if there are multiple groups with denied users, split them into array.
	foreach($deniedArray as $x){ if(substr_count($groups, $x) > 0) return false; }
	
	return true;
}


if (isset($_GET['iframe'])) {
	$ifurl = $_GET['iframe'];   //get page from url and add .php at the end
	echo'<iframe src ="'.$ifurl.'" class="iframe"> iframes not supported</iframe>';
	echo'<div></div><br/>'; //added so the wunderbar takes the height of the iframe into account.
}
else{


$section = "";
$page =".php";
if (isset($_GET['page']))
	$page = $_GET['page'].".php";   //get page from url and add .php at the end

if (isset($_GET['section']))
	$section = $_GET['section'];   //get section from url

//add '/' at the end of section if present
if ($section != null) { $section.="/"; }


$load = false;
$load = getPermission($page,$section);


//changes link for amdin directory
if ($section == "admin/" ) { $section = "../".$section."menu/"; }

if ($page == ".php"){ include("services.php"); }   //refers index.php to services.php

else {

   if(!file_exists($section.$page)) {
      echo('<div class="errorMessage center XLbodycopy"><br/><br/>File not found.</div>');
   }

   elseif(!$load) {

   echo('<div class="errorMessage center">
   <br/><br/>
   <img src="http://www.usalinux.org/ind.jpg" alt="ACCESS DENIED"/>
   <!-- This images was taken from www.usalinux.org -->');
   if(isset($_SESSION["Username"])) { echo('<p class="header1">You do not have access to this page.</p>'); }
   
   else { echo('
   <p class="header1">Please log in to view this page.</p>
   The login is conveniently situated in the upper right-hand corner on all pages of this site.
   <br/><br/><br/><br/>
   <div>'); } 
   }
   else {
   					include($section.$page);
   }
}
}
?>
<!--Function Ends-->
